From 5aef4460fc594cd93923be87e837ae6d78e61eaf Mon Sep 17 00:00:00 2001
From: tb
Date: Tue, 30 Aug 2022 20:40:14 +0000
Subject: [PATCH] Check HMAC() return value to avoid a later use of uninitialized

CID 25421
---
 usr.bin/openssl/s_cb.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/usr.bin/openssl/s_cb.c b/usr.bin/openssl/s_cb.c
index 12a6c308fb3..ffaa4c5b4de 100644
--- a/usr.bin/openssl/s_cb.c
+++ b/usr.bin/openssl/s_cb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_cb.c,v 1.18 2022/02/03 18:40:34 tb Exp $ */
+/* $OpenBSD: s_cb.c,v 1.19 2022/08/30 20:40:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -914,8 +914,12 @@ verify_cookie_callback(SSL * ssl, const unsigned char *cookie,
 }
 /* Calculate HMAC of buffer using the secret */
- HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
- buffer, length, result, &resultlength);
+ if (HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+ buffer, length, result, &resultlength) == NULL) {
+ free(buffer);
+ return 0;
+ }
+
 free(buffer);
 if (cookie_len == resultlength &&
-- 
2.20.1
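Review bot: The new failure branch in verify_cookie_callback duplicates the cleanup that the success path performs two lines later — `free(buffer)` now appears both inside the `== NULL` block and immediately after it — leaving two exit paths that must be kept in sync whenever the buffer handling changes. Capturing the outcome first lets one free serve both paths: `int ok = HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, buffer, length, result, &resultlength) != NULL; free(buffer); if (!ok) return 0;` with `ok` declared at the top of the function. The cookie comparison that begins on the hunk's last context line (`if (cookie_len == resultlength &&`) continues outside the hunk; if the next line compares `result` against the peer-supplied cookie with plain `memcmp`, `timingsafe_memcmp` would be the constant-time choice for a MAC check, though nothing in the hunk shows which is used. verify_cookie_callback starts before and ends after this hunk.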